//package com.han.school.config;//package com.han.school.config;
//
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.builders.WebSecurity;
//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
//import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
//import org.springframework.security.crypto.password.PasswordEncoder;
//
//@Configuration
//@EnableWebSecurity
//public class SecurityConfig extends WebSecurityConfigurerAdapter {
//    @Override
//    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
////        auth.jdbcAuthentication()
////                .withUser("hanyuhan").password("123456").roles("admin");
//    }
////授权
//    @Override
//    protected void configure(HttpSecurity http) throws Exception {
//
//        http
//                .formLogin()
//                .loginProcessingUrl("/login") //当发现/login 时认为是登录，需要执行 UserDetailsServiceImpl
//                .successForwardUrl("/indexInit") //此处是 post 请求
//                .loginPage("/loginInit");
//        // url 拦截
//        http.authorizeRequests()
//                .antMatchers("/loginInit","/login.html","/js/**","/css/**","/images/*","/fonts/**","/**/*.png","/**/*.jpg").permitAll() //login.html 不需要被认证
//                .anyRequest().authenticated(); //所有的请求都必须被认证。必须登录后才能访问。
//        //关闭 csrf 防护
//        http.csrf().disable();
//
//        http.logout().logoutSuccessUrl("/loginInit");
//    }
//
//    @Bean
//    public PasswordEncoder getPass(){
//        return new BCryptPasswordEncoder();
//    }
//
//}
